Monthly Archives: January 2014

Cyber Security Incident Response: Are we as prepared as we think?

Lancope, Inc., a leader in network visibility and security intelligence, today announced the results of a Ponemon Institute report entitled, “Cyber Security Incident Response: Are we as prepared as we think?” Findings show that while security threats are imminent, CEOs and other members of the management team are in the dark about potential cyber-attacks against their companies. The research also shows that, as a result, Computer Security Incident Response Teams (CSIRTs) often lack the resources necessary to fend off the continuous onslaught of advanced threats facing today’s organizations.

Commissioned by Lancope, the Ponemon Institute research surveyed 674 IT and IT security professionals in the United States and the United Kingdom who are involved in their organization’s CSIRT activities. The study concludes with key recommendations for organizations looking to improve their incident response process.

Key findings from the study include:

Security incidents are imminent – Sixty-eight percent of respondents say their organization experienced a security breach or incident in the past 24 months. Forty-six percent say another incident is imminent and could happen within the next six months.
Management is largely unaware of cyber security threats – Eighty percent of respondents reported that they don’t frequently communicate with executive management about potential cyber-attacks against their organization.
Organizations are not measuring the effectiveness of their incident response efforts – Fifty percent of respondents do not have meaningful operational metrics to measure the overall effectiveness of incident response.
Breaches remain unresolved for an entire month – While most organizations said they could identify a security incident within a matter of hours, it takes an entire month on average to work through the process of incident investigation, service restoration and verification.
CSIRTs lack adequate investments – Half of all respondents say that less than 10 percent of their security budgets are used for incident response activities, and most say their incident response budgets have not increased in the past 24 months.
Network audit trails are the most effective tool for incident response – Eighty percent of respondents say that analysis of audit trails from sources like NetFlow and packet captures is the most effective approach for detecting security incidents and breaches. This choice was more popular than intrusion detection systems and anti-virus software.

“The findings of our research suggest that companies are not always making the right investments in incident response,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “As a result, they may not be as prepared as they should be to respond to security incidents. One recommendation is for organizations to elevate the importance of incident response and make it a critical component of their overall business strategy.”

“If 2013 is any indication, today’s enterprises are ill-equipped to identify and halt sophisticated attacks launched by nation-states, malicious outsiders and determined insiders,” said Mike Potts, president and CEO of Lancope. “Now is the time for C-level executives and IT decision-makers to come together and develop stronger, more comprehensive plans for incident response. This communication is critical if we want to reduce the astounding frequency of high-profile data breaches and damaging corporate losses we are seeing in the media on a near-daily basis.”

Results to be presented at RSA Conference 2014 and via webinar

Dr. Larry Ponemon will join Lancope, The Coca-Cola Company, General Motors and Viewpost executives in an RSA Conference 2014 panel discussion to explore the results of the study and share insights on how to build a great CSIRT with the executive support and respect it needs. The panel, “Why Cyber Incident Response Teams Get No Respect,” will take place on Wednesday, February 26, at 9:20 a.m. U.S. Pacific time in Room 3009 at the Moscone Center in San Francisco.

The results will also be presented via a free webinar on January 29, 2014 at 8:00 a.m. U.S. Pacific time. Participants can join Dr. Ponemon and Lancope’s director of security research, Tom Cross, to hear about the key mistakes organizations are making when it comes to incident response, and how the right mix of people, processes and technology can dramatically improve incident response efforts. Those interested can register at: http://www.lancope.com/company-overview/webinar/ponemon-cyber-security-incident-response/.

Further Information

For media inquiries related to the Ponemon Institute incident response study, or to schedule briefings with Lancope and Dr. Larry Ponemon at RSA Conference 2014, please contact Lesley Sullivan or Kendra Dorr at Lancope@SchwartzMSL.com. For a full copy of the study, “Cyber Security Incident Response: Are we as prepared as we think?” please visit: http://www.lancope.com/ponemon-incident-response/.

She said no to the FBI; but you say yes every day

With all the screaming about the NSA hacking into our lives, Americans have kind of missed the point. We’ve voluntarily given our lives to private companies for years. Government agents don’t have to hack us. They can simply ask any of these companies for everything they have. The Supreme Court says so. It’s known as the “third-party doctrine.” Give your data to a private company, and you lose your rights to any expectation of privacy. Even if it’s illegal for the Feds to spy on us directly (whatever that means now), it’s perfectly legal for the Feds to ask private companies for whatever data they have and use it against us. Data given voluntarily by you to any company can be given voluntarily to the Feds. This odd three-step process is often a mere inconvenience. And if you don’t think it happens, just ask Nico Sell.

Sell is co-founder and CEO of Wickr, a company that enables private messaging.  At a recent conference, she told the audience that Wickr was upgrading to better encryption for more privacy.  As she tells Max Eddy of PC Mag, Sell was barely off the podium before a Fed walked up to her and casually asked for back-door access to Wickr so the FBI could access users’ secret messages.  He said it the way you and I might invite someone to coffee.

“I was surprised the agent asked me because if he had done any homework, he would have known the answer was no. Doesn’t he use surveillance? :) Or at least Google? I think he was trying to intimidate me,” Sell told me. “If this was the first time I had dealt with the FBI, I would have been scared.”

Sell says she turned the tables on the agent. She started asking for official documentation, asked who his boss was, and so on.  He slunk off, tail between his legs. But you and I know many companies are star-struck by the business card with the FBI logo, and say yes. Others fear they don’t have a choice, or don’t know better. Sell even admits that she might have caved when she was younger. After all, who doesn’t want to help catch bad guys?

That’s how this works.  As a reporter, I’ve had plenty of encounters with agents who asked me to share what I know.  In fact, once, I was even summoned before a grand jury.  Fortunately, I had a boss named Merrill Brown who forcefully explained to me that reporters don’t do cops’ work for them.

The Edward Snowden disclosures are fascinating because they demonstrate the radical steps our government will take to make sure that no one, nowhere, can keep a secret. Note that in Sell’s story, the agent was not hot on the trail of a terrorist. He was just looking to open a one-way communication channel for future fishing expeditions. As anyone who’s ever interfaced with the FBI or other three-letter agencies in this manner knows, the agency wants to suck up every piece of information in the world, but doesn’t want to share a thing about what it’s doing. It wants to make sure there are no secrets. Often, all that requires is a simple question.

It’s great we are all engaged in the dialog now – for now.  But I fear we’ve lost sight of the real problem. Americans share everything about themselves with hundreds, even thousands of companies every day. And those companies often have casual relationships with law enforcement to rat us out.  By the time all the hearings and lawsuits are over, I’m sure there will be strict new “procedures” limiting when the  NSA can and can’t hack into Google’s computers and hijack our digital lives. But that won’t matter much if agents can keep making their casual sales pitches to people like Nico Sell.

2013 Survey on Medical ID theft released

We are pleased to announce the release of our 2013 Survey on Medical Identity Theft. This is the fourth year of the study and as in previous years we find that medical identity theft continues to be a costly and potentially life-threatening crime. However, unlike other forms of identity theft, the thief is most likely to be someone the victim knows very well. In this study of more than 700 victims of this fraud, most cases of identity theft result not from a data breach but from the sharing of personal identification credentials with family and friends. Or, family members take the victim’s credentials without permission.

We believe that individuals, healthcare organizations and government working together can reduce the risk of medical identity theft. First, individuals need to be aware of the negative consequences of sharing their credentials despite possible good intentions. They should also take the time to read their medical records and explanation of benefits statements to ensure that their information is correct. Second, healthcare organizations and government should improve their authentication procedures to prevent imposters from obtaining medical services and products.

Sponsored by the Medical Identity Fraud Alliance (MIFA), with support from ID Experts, the report can be found at http://medidfraud.org/2013-survey-on-medical-identity-theft.